Hi developers,
I am a undergraduate student and an open source enthusiast. I am currently working on a PHP web application that allows the users to upload files to the system.
I have come across a minor problem, and even after a lot of research on the internet, I couldn't find a decent solution to my problem. And then suddenly, it struck me that Mantis has already been doing this for quite sometime. I'd like to take a page from Mantis's book and use it in my application.
Here is the problem I'm facing right now:
I'm working on a open source PHP web application that allows anonymous users to upload files in various formats to the system. The file being uploaded might be malicious or infected with virus/malware. Hence, I need to secure the filesystem and save it from such virus attacks.
Mantis allows the bug reporters to attach all sort of files, images (screenshots), sample php, html files, patches etc. So, my question is how does Mantis secure itself from potentially dangerous files that can be uploaded by evil users?
I could have used some sort of trigger to immediately check the file by calling clamscan with the file's location on a linux machine, but the problem is that the webapplication can be used on any webserver on any Operating system. And hence it won't work on windows, as the server owner might have some other propritary antivirus software, and it won't be possible to add hooks for all such AV in the configuration file.
I hope I have been able to explain my problem. I want to know how Mantis takes care of this problem ?
Thank you
Measures to safely store uploaded files on the filesystem
Moderators: Developer, Contributor